198 matches found
PT-2026-46330
That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...
CVE-2026-33247
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv on the command line, then those credentials are visible to any user who can see the...
UBUNTU-CVE-2026-33216
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...
EUVD-2019-0258
Malware in sbrugna...
EUVD-2023-2538
Malicious code in bioql PyPI...
Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2
All vulnerabilities documented in this article were resolved in Veeam Backup & Replication 12.3.2. Veeam Product Latest Version Download Page Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we...
[R2] Security Center Version 6.6.0 Fixes Multiple Vulnerabilities
R2 Security Center Version 6.6.0 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 05/06/2025 - 09:44 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components (sqlite, ua-parser-js) were found to contain vulnerabilities, and updat...
CVE-2025-3301
CVE-2025-3301 concerns DPA countermeasures being unavailable for ECDH key agreement and EdDSA signing on Curve25519 and Curve448 on all Series 2 modules and SoCs due to lack of hardware and software support. The consequence is potential exposure of confidential information if a DPA attack is succ...
[R1] Security Center Version 6.5.1 Fixes Multiple Vulnerabilities
R1 Security Center Version 6.5.1 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 12/10/2024 - 11:22 Security Center leverages third-party software to help provide underlying functionality. One of the third-party components, PHP, was found to contain vulnerabilities, and an updated version has been...
CVE-2024-0012
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege...
CVE-2024-0012
CVE-2024-0012 is an authentication bypass in Palo Alto Networks PAN-OS management web interface that lets an unauthenticated, network-reachable attacker gain PAN-OS administrator privileges. Affected products/versions: PAN-OS 10.2, 11.0, 11.1, and 11.2; Cloud NGFW and Prisma Access are not impact...
CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege...
CVE-2024-48919 RCE via Prompt Injection Into Cursor's Terminal Cmd-K
Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...
CVE-2024-20490 Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...
Netscaler Upgrades and General Configuration
Introduction This document provides useful resources and links to help with upgrading NetScaler and for performing general configuration. See the best practice guides provided below to help with validating your deployment. The tools and resources section includes the Precheck Tool, which can be...
GHSA-VH7Q-J8P5-2H4H silverstripe/framework sends passwords back to browsers under some circumstances
Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or sessions...
BIT-COMPOSER-2023-43655 Remote Code Execution via web-accessible composer.phar
Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has register_argc_argv enabled in php.ini. Versions 2.6.4, 2.2.22 an...
PT-2023-32457 · WordPress · Ecommerce Product Catalog Plugin
Name of the Vulnerable Software and Affected Versions: eCommerce Product Catalog Plugin for WordPress versions prior to 3.3.26 Description: The issue is related to the lack of CSRF checks in some admin pages of the plugin, which could allow attackers to make logged-in users perform unwanted actio...
PT-2023-8865 · Unknown +1 · Minizip-Ng +1
Name of the Vulnerable Software and Affected Versions: minizip-ng version 4.0.2 Description: The issue is related to a Buffer Overflow in the mz_path_resolve function, located in the mz_os.c file, which can be exploited by an attacker using a crafted file. This could allow a remote attacker to...